The United States and Israel jointly developed the Flame espionage malware to collect information that would be useful in disrupting Iran's nuclear program, the Washington Post reported, citing unnamed Western officials with knowledge of the operation.

While important, the report isn't entirely unexpected. Researchers said last week they had conclusive proof that developers of Flame collaborated with developers of Stuxnet, the highly sophisticated computer worm that targeted uranium enrichment operations in Iran's Natanz nuclear facility. A week before that, an in-depth article in the New York Times provided the first confirmation that Stuxnet was created by the US and Israel before they ultimately lost control of it. Flame was part of "Olympic Games," the same classified effort that spawned Stuxnet, Washington Post journalists Ellen Nakashima, Greg Miller, and Julie Tate reported Tuesday.

Still, the report is the first to cite unnamed officials saying Flame was jointly devised by personnel in the National Security Agency, the CIA, and Israel's military. As such, it has helped to flesh out details of what is believed to be the first sustained campaign of computer-aided sabotage of a US adversary. And like the confirmation that Stuxnet received the explicit backing from two US presidents, the latest confirmation could harm US interests by touching off a cyber-arms race and making it harder for US officials to argue against their use.

Flame came to light after Iranian engineers detected malware attacks targeting the country's oil refineries. According to Tuesday's report, "The disruption was directed by Israel in a unilateral operation that apparently caught its US partners off guard, according to US and Western officials, speaking on the condition of anonymity." The article goes on to say the episode was what prompted Iran to learn it was being targeted by Flame. "Some US intelligence officials were dismayed that Israel's unilateral incursion led to the discovery of the virus, prompting countermeasures," it stated.

The precise connection between Flame and the malware that targeted Iran's oil industry is still unknown.

Last week, researchers from Kaspersky Lab said a chunk of code found in an early version of Stuxnet contained the same fingerprints found in Flame. The binary from 2009 included an exploit of what was then an undocumented vulnerability in Microsoft's Windows operating system, a revelation that brings the number of zero-day security flaws targeted by Stuxnet to five. Kaspersky Lab expert Roel Schouwenberg speculated that Flame was a precursor to Stuxnet and was used as a "kick-starter" to get the latter project going.

Flame was a highly stealthy rootkit that used the work of world-class cryptographers and mathematicians to spread from machine to machine, even on hardened networks. After infecting a system, it manipulated microphones, cameras, and Bluetooth functions to spy on people in the immediate vicinity. It was also able to cross "air-gapped" networks, which aren't connected to the Internet, by stashing intercepted communications on USB drives. While other espionage programs have many of the same capabilities, Flame's sophistication was the ability to bundle all of this together in a 20-megabyte collection of binaries that worked seamlessly.

Stuxnet was a worm programmed to replicate on computers in Iranian enrichment facilities. Once in place, it caused malfunctions by forcing uranium centrifuges to spin too fast or too slow, while simultaneously reporting operations were running normally.

Promoted Comments

I just hope I die of old age before this all comes to critical mass, although that is highly unlikely. The future looks quite bleak from my point of view. If we spent all the money from these malware projects on space exploration and/or alternative energy sources, we would have been far better off. I might have been able to get off this crappy rock by now, because this is only going to get worse.

And like the confirmation that Stuxnet received the explicit backing from two US presidents, the latest confirmation could harm US interests by touching off a cyber-arms race and making it harder for US officials to argue against their use.

I said it in the last article, and I'll say it again in this one: That statement is BS. State-sponsored cyber-espionage/sabotage has been going on and increasing for at least a decade, if not a lot longer (with the USA being the primary target of the ROtW), and will continue to increase whether or not the USA participates or admits participating. The only thing that has changed is now the rest of the countries playing this game know that the USA also knows how to play, and play very well.

127 Reader Comments

If it's true that Flame and Stuxnet were created by the U.S. and Israel, then are citizens of those countries committing treason by talking about them publicly? When we discuss how Flame works, what it might be used for, and the mere fact that it exists, are we not "aiding and abetting the enemy," an act (in the US) punishable by a fine, imprisonment, or even death?

Israel will not allow Iran to possess nuclear weapons, full stop. They will take whatever action they deem necessary to prevent Iran from developing or acquiring them.

The US does not want a full blown shooting war between them, because if Iran and Israel start shooting at each other others are going to jump in. Israel has the means and will to glass anyone who attacks them if they feel they have no other option. Even in a conventional war the non-Israeli casualties will be ugly.

Flame was designed to facilitate future cyberweapons like Stuxnet, whose purpose is to delay Iranian nuclear research in a controlled, predictable, non-lethal, and covert fashion. The US isn't trying to start a war with Flame, Stuxnet, and whatever else happens to be trawling its way through Iranian information systems right now. It's trying to prevent one, or at the very least, delay the Iranian program long enough for saner heads to prevail.

That's by far the most likely scenario. The US has nothing to gain by getting itself into a shooting war with anyone right now, much less another Arab country, and the US has nothing to gain by the entire region going up in flames if Israel feels forced to act. Israel has nothing to gain by going to war as long as another option exists in their minds. The reasons why each involved party is behaving in a particular way or wants/does not want a particular thing (e.g. oil) are immaterial to what this program is designed to do. The political, religious, ethnic, etc. components are immaterial. The reality is that right now on the Earth, a cyberweapons campaign to prevent Iran from building the bomb is a net good thing for everyone. You can argue the political "why" of the entire affair from any angle until you are blue in the face, but right now nobody in their right mind should want Iran to have the bomb, because if they do, there will be a seriously ugly war over there.

Agree with the main thrust of this, but let's remember that Iran is *not* an Arab country, is full of Shi'ites, and both the Saudis and the UAE have made very recent large weapons purposes from us to fend off perceived or potential Iranian aggression. The Saudis went so far as to tell the Israelis they wouldn't stop them from overflight on the way to Iran.

Agree with the main thrust of this, but let's remember that Iran is *not* an Arab country, is full of Shi'ites, and both the Saudis and the UAE have made very recent large weapons purposes from us to fend off perceived or potential Iranian aggression. The Saudis went so far as to tell the Israelis they wouldn't stop them from overflight on the way to Iran.

Thanks for the correction, I was writing while suffering through a conference call and wasn't paying attention.

The bigger shock is that once again an American inside source trying to make Obama look like a hero blames Israel, while the Israelis can keep their mouth shut even though they are being screwed over.

Keep hitting refresh, my friend! Fox News may put out another talking point for you to echo and you can look ever-so-smart!

Classy, but I'll respond to the troll.

The leaks were clearly from sources close to Obama. The New York Times quoted from some of those present in high-level meetings between Obama and his inner circle.

All of those leaks were clearly done to portray the Obama administration in a good light. The Bin Laden raid, the printer bombs, drones, stuxnet etc. were all carried out almost perfectly. The only mistakes were the discovery of Flame and Stuxnet. And in both cases the sources glorifying Obama conveniently found a scapegoat outside of the Obama administration, that it knew was responsible enough not to 'leak' its side of the story. So again you are only reading one point of view, and that point of view is the one that has Obama as a hero, and someone else responsible for all mistakes.

I have always questioned the media insistence about the public's right to know. If the media broadcasts the details of a covert activity, then the operation is compromised because it is no longer a secret. The bad guys read the paper too.

Why can't this country (USA) keep secrets anymore? Heck, our enemies don't need to waste money on spies and espionage, all they need to do is talk to member of US Congress, or read any US newspaper. We spend taxpayer money developing sophisticated software and hardware, and then basically give it away! Nice way to run a war.

Why can't this country (USA) keep secrets anymore? Heck, our enemies don't need to waste money on spies and espionage, all they need to do is talk to member of US Congress, or read any US newspaper. We spend taxpayer money developing sophisticated software and hardware, and then basically give it away! Nice way to run a war.

Because the Obama administration thinks that these acts of terrorism make them look good, just like the so-called signature strikes in Yemen (where they kill people without knowing who they are).

1. Olympic Games included a mock up of the Iranian facility
2. the mock up was clever and parts of it distributed so that the folks working nearby didn't notice it
3. this project allowed Pres. Bush to push back on those wanting to bomb Iran and he urged 44 to continue it-which he did

Who says that flame/stuxnet are the only programs that have been used? Or even the most effective? And what other parts of the Iranian infrastructure have been infected? Radar? Planes? Weapons systems? Banks? Nuclear weapon simulation programs?

The Iranians have known that something fishy has been going on for years but don't know what all has been infected. Olympic Games has got to have them worried about everything.

Author, you base your article on unnamed sources. But I question "National Security Agency, the CIA, and Israel's military" working together. It doesn't pass the common-sense test. In other words, too many fingers in the pie.

Agree with the main thrust of this, but let's remember that Iran is *not* an Arab country, is full of Shi'ites, and both the Saudis and the UAE have made very recent large weapons purposes from us to fend off perceived or potential Iranian aggression. The Saudis went so far as to tell the Israelis they wouldn't stop them from overflight on the way to Iran.

Iran is not an Arab country, but not just because they're Shi'ites.

Iran is in fact a Persian country. However, the fact that they're Shi'ites makes them heretics in the eyes of the Saudi hardliners (Wahhabi Sunnis). Just like Protestants were heretics for Roman Catholics during the 16th century.

If it's true that Flame and Stuxnet were created by the U.S. and Israel, then are citizens of those countries committing treason by talking about them publicly? When we discuss how Flame works, what it might be used for, and the mere fact that it exists, are we not "aiding and abetting the enemy," an act (in the US) punishable by a fine, imprisonment, or even death?

They very well might be. The DOJ has opened up an investigation into who leaked the Stuxnet sources.

The bigger shock is that once again an American inside source trying to make Obama look like a hero blames Israel, while the Israelis can keep their mouth shut even though they are being screwed over.

Keep hitting refresh, my friend! Fox News may put out another talking point for you to echo and you can look ever-so-smart!

Be careful, never wise to feed trolls... They only get bigger and more frustrating.

What do they have to fear? Don't they read? The third temple will be built before the antichrist takes power. If they do nothing about Iran's suspect nuclear program, the river of blood will come. If they do something about Iran's suspect nuclear program, the river of blood will still come. Their actions are a misguided, fear-based, preemptive offensive ... every participant on all sides are leading us down the broad path to destruction.

Israel (its government) is sowing thorns with computer viruses. The US is doing the same. Not one of them know the power of forgiveness, and that harvesting a garden of ripe fruit is much better than what they could ever hope to receive from embargoes. Your enemies don't change their ways when you repay evil for evil; no need to also harm your spirit in the process.

--- especially when your convictions are suspect and emotional; with all your committees, you've done nothing to solve the problem ...

Agree with the main thrust of this, but let's remember that Iran is *not* an Arab country, is full of Shi'ites, and both the Saudis and the UAE have made very recent large weapons purposes from us to fend off perceived or potential Iranian aggression. The Saudis went so far as to tell the Israelis they wouldn't stop them from overflight on the way to Iran.

Iran is not an Arab country, but not just because they're Shi'ites.

Iran is in fact a Persian country. However, the fact that they're Shi'ites makes them heretics in the eyes of the Saudi hardliners (Wahhabi Sunnis). Just like Protestants were heretics for Roman Catholics during the 16th century.

Whether or not I think this is good policy, those responsible for the leaks should be tried for treason.

That's the right question, and I think some fairly reasonable arguments as to why have already been made in this thread. Obama administration taking a leaf out of Apple's book, 'leaking' information as a form of press release.

The only other thought that makes sense is blame-shifting after the fact, since they got caught doing the bad deeds, and realised it'd eventually come back to the US either way. "It was those damn Israelis! Everyone knows how jumpy /they/ are!". Indeed...

I just hope I die of old age before this all comes to critical mass, although that is highly unlikely. The future looks quite bleak from my point of view. If we spent all the money from these malware projects on space exploration and/or alternative energy sources, we would have been far better off. I might have been able to get off this crappy rock by now, because this is only going to get worse.

What makes you think any other rock would be any different? There's nothing intrinsic to this earth that causes people to be divisive, ignorant, aggressive bastards. If we don't fix things here, spreading further out is only going to increase the problem.

Agree with the main thrust of this, but let's remember that Iran is *not* an Arab country, is full of Shi'ites, and both the Saudis and the UAE have made very recent large weapons purposes from us to fend off perceived or potential Iranian aggression. The Saudis went so far as to tell the Israelis they wouldn't stop them from overflight on the way to Iran.

Iran is not an Arab country, but not just because they're Shi'ites.

Iran is in fact a Persian country. However, the fact that they're Shi'ites makes them heretics in the eyes of the Saudi hardliners (Wahhabi Sunnis). Just like Protestants were heretics for Roman Catholics during the 16th century.

Just to clear up the air, if anyone's interested, the Shi'ites of Iran/Lebanon/Bahrain, consider all Sunnis in general as heretics too. Which is why they were so glad and ready to help against Sunni countries like Afghanistan and Iraq. So it's the same for the Sunnis, who hate them equally. Not just the "wahabi" Sunnis.

And like the confirmation that Stuxnet received the explicit backing from two US presidents, the latest confirmation could harm US interests by touching off a cyber-arms race and making it harder for US officials to argue against their use.

I said it in the last article, and I'll say it again in this one: That statement is BS. State-sponsored cyber-espionage/sabotage has been going on and increasing for at least a decade, if not a lot longer (with the USA being the primary target of the ROtW), and will continue to increase whether or not the USA participates or admits participating. The only thing that has changed is now the rest of the countries playing this game know that the USA also knows how to play, and play very well.

They might know how to play the game, but to say they can play it well, that's a bit of a stretch. To play it well you need to be able to defend yourself as well as you can attack others.

The continued theft of F-35 data from government computers, among other things, shows otherwise.

They might know how to play the game, but to say they can play it well, that's a bit of a stretch. To play it well you need to be able to defend yourself as well as you can attack others.

The continued theft of F-35 data from government computers, among other things, shows otherwise.

In that case, it's likely that no one plays it well per your definitions. The biggest impediment to the US attacking other nations' networks is that to a large degree, the nations that the US would wish to attack often lack sophisticated enough and well connected enough networks to enable exploitation, or even have a reason to want to exploit them. I mean, do you think the US really cares what a Chinese copy of a US fighter plane is going to look like? There's a reason that so many attacks have come from China over the past decade, and not the other way, and it's highly probable that it has nothing to do with how good China's cyber-defenses are.

The biggest impediment to the US attacking other nations' networks is that to a large degree, the nations that the US would wish to attack often lack sophisticated enough and well connected enough networks to enable exploitation

I doubt that's the case for the Chinese and Russians.

Quote:

or even have a reason to want to exploit them. I mean, do you think the US really cares what a Chinese copy of a US fighter plane is going to look like?

Yes. And they will care even much more about what technology they develop from the stolen information to counter as many perceived advantages, and how much of said developed countermeasures end up in the international market.

Quote:

There's a reason that so many attacks have come from China over the past decade, and not the other way, and it's highly probable that it has nothing to do with how good China's cyber-defenses are.

I'm willing to bet that attacks on the Chinese are just as common, the difference being that the government control over the media prevents leaks of any hint about an attack. And no way in hell the Chinese government is going to openly admit to a failure in their networks. Unless they have something to gain by doing it.

While I'm usually impressed with the quality of journalism published by Ars Technica, I am appalled at the series of articles about Flame that have stated U.S. involvement in the development of Stuxnet and Flame as an absolute fact. Your "confirmed reports" are newspaper articles referencing anonymous sources. How is that proof positive? Perhaps these "anonymous sources" have their own agenda which provides reason to be untruthful?

I'm not so naive as to be oblivious to the obvious, that the U.S. is one of the few countries to have both the resources and the motive to produce malware such as this. But anonymous sources don't take away plausible deniability. Stating otherwise, in the headline no doubt, smacks of click-luring sensationalism.

The whole, the Israelis this or that is rather small potatoes and mostly just part of the Obama campaign machine.

If we were involved in the creation of these tools in concert with Israel with the initial target being Iran, then yes, we planned at some point to release and use these tools.

It is about the same as a married couple getting fed up with the neighbor's dog barking all night and buying rat poison to put in its water bowl. If the wife goes and puts the poison in the bowl a few days before the weekend the husband is planning to, it does not change the intent or end results.

No, they are defending themselves against an enemy that has been attacking them and their allies for decades.

What are these attacks you speak of, exactly? According to the history books the last time Iran got in a fight with a U.S. ally was in 1980 (Iran-Iraq war), and then it was the U.S. ally who attacked Iran, not the other way around.

OK then, no attacks. That's alright, there is always the nukes excuse -after all Iran may not have attacked anyone in the past but they might want to in the future if they had nukes. But U.S. and Israeli intelligence both agree with the I.A.E.A. that the weapons program was abandoned back in 2003. So no problem there either.

So does this mean the U.S. and Israel are crazy for treating Iran as a threat? Not at all, it's just that they are a CULTURAL threat, not a MILITARY threat. The U.S. and Israel are worried about the spread of political Islam (and a quick look at election results in places like Egypt, Tunisia or Turkey shows that this is a real thing). Iran is a threat as a potential example of a successful Islamic state, as a model which its neighbors might choose to follow, and this is why it must be punished. We have been here before, remember: domino theory, Cuba, Vietnam, etc. My problem with all this is I don't much like the idea of attacking a country for its domestic politics, religion, economic systems, etc., which is what the U.S. and Israel are doing here. When you do that it's called "aggression". It's a war crime.